Tuesday, December 08, 2015

Hashcat, the popular password recovery utility advertised as the
world’s fastest password cracker, has been released as open source.

The announcement was first made on December 4 on Twitter via an MD5
hash that read “hashcat open source” when cracked. Jens 'atom'
Steube, the main Hashcat developer, later announced in a post on the
official forum that the source code for both Hashcat, the CPU-based
tool, and oclHashcat, the GPU-based version, has been released under
the MIT license.

… The source code for Hashcat and oclHashcat is available on GitHub.
Bug fixes and new features can be submitted, but contributors must
ensure that their code complies with a specified set of requirements.

For some reason I don't think this is the last we'll hear of the OPM
breach.

The last of the notices are set to go out
this week to the more than 21 million people whose personal
information was stolen in a cyber breach of government security
clearance files, with about 1.5 million of those having signed up so
far for identity and credit monitoring services.

… Take the case of Cathy Bernstein, for
example. The 57-year-old woman made an absolutely boneheaded play by
rear-ending another vehicle and then fleeing the scene. Bernstein,
perhaps thinking that she had gotten away with her act of
recklessness, went about her business until she received a call from
police dispatch.

How did police dispatch find out that Bernstein
was even involved in an accident? Well, her Ford
vehicle was equipped with an Emergency Assistance feature that alerts
emergency personnel when it detects that the vehicle has been
involved in a serious accident. In addition to alerting first
responders about a serious accident, an onboard GPS module can
pinpoint the exact time and location of the accident.

… Use of GPS
technology in vehicles is already drawing
criticism from privacy groups, as they feel that innocent
citizens could have their personal information and driving habits
wind up in the hands of law enforcement. In the case involving Cathy
Bernstein, the good guys won, but some feel that automatically
dialing law enforcement represents a violation of fourth amendment
rights.

New software watches for license plates, turning you into Little Brother

We now live in a world where if you have an
IP-enabled security camera, you can download some free, open-source
software from GitHub
and boom—you have a fully functional automated license plate reader
(ALPR, or LPR).

… For the last six months, the two-man team
behind OpenALPR has built this
software and given it away for free, largely as a way to draw
attention to their other paid services:

How would DNA testing be different from a test for
pollen or mud from a crime scene? What basis would there be to seize
clothing if it could not be examined for evidence?

Please forgive me, I feel a rant coming on. The
“easy” solution (ask any politician) is to ban encryption. Let's
ignore the fact that ISIS (and others) are attracting followers via
unencrypted social media. Apparently, we have no counter for “the
gospel according to ISIS.” We don't even try to develop a counter
argument. Instead we blame encryption – even when the evidence
says encryption was not used.

The head of the House Homeland Security Committee
is pushing a new initiative to deal with the proliferation of
encrypted devices that critics say allow terrorists to communicate
without detection.

The effort by Chairman Michael McCaul (R-Texas)
will not force concessions on tech companies, he said Monday.

Instead, it would create “a national commission
on security and technology challenges in the digital age,” which
McCaul promised would be tasked with providing specific
recommendations for dealing with an issue that has become a priority
for law enforcement officials.

… “It is time for Congress to act because
the White House has failed to bring all parties together —
transparently — to find solutions.”

… McCaul initially
claimed that the terrorists behind last month’s deadly
attacks in Paris had the encrypted messaging application Telegram on
their phones.

However, a staffer subsequently told The Hill that
he “was providing a reference point to the types of encrypted
messaging platforms that are available” and is
not aware “of any specific app on the Paris attackers’
phones.”

Still, the staffer noted that intelligence
officials have indicated that they
believe the attackers communicated through encrypted
channels.

(Related) There may be no evidence that this will
help, but “we've got to do something!”

… The researchers found that the average order
size of low spenders (defined as shoppers whose total spending was
less than the median in the first phase) increased after they adopted
mobile shopping. They also placed more orders per year than they had
using only a computer. Among high-spending mobile shoppers, the size
of the order remained about the same. But, as with the low spenders,
the frequency of their purchases steadily increased the more they
used their mobile devices for shopping.

About Me

I live in Centennial, Colorado. (I'm not actually 100 years old, but I hope to be some day.) I'm an independent computer consultant, specializing in solving problems that traditional IT personnel tend to have difficulty with... That includes everything from inventorying hardware & software, to converting systems & data, to training end-users. I particularly enjoy taking on projects that IT has attempted several times before with no success. I also teach at two local Universities: everything from Introduction to Microcomputers through Business Continuity and Security Management. My background includes IT Audit, Computer Security, and a variety of unique IT projects.